CVE-2007-0646

iMovie HD 6.0.3 and Safari in Mac OS X 10.4-10.4.10 - Denial of Service via Format String in Filename

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0646. PoCs published by LMH.

AI-analyzed exploit summary This exploit leverages a format-string vulnerability in multiple Mac OS X applications (Help Viewer, Safari, iPhoto, iMovie) by creating a maliciously named file. The '%n' format specifiers in the filename can write arbitrary data to memory, potentially leading to remote code execution.

Description

Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by LMH · textdososx

https://www.exploit-db.com/exploits/29551

View Code ZIP pw:eip

This exploit leverages a format-string vulnerability in multiple Mac OS X applications (Help Viewer, Safari, iPhoto, iMovie) by creating a maliciously named file. The '%n' format specifiers in the filename can write arbitrary data to memory, potentially leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Racy

Target: Help Viewer 3.0.0, Safari 2.0.4, iMovie HD 6.0.3, iPhoto 6.0.5

No auth needed

Prerequisites: Ability to create a file with a crafted name on the target system · Victim interaction to open the file

MITRE ATT&CK